BSD Commit Log Search

   meta-pkgs/netbsd-www: Bump libxslt dependency.

   This pulls in a newer libxml2 that produces <meta charset="utf-8">
   instead of <meta http-equiv="Content-Type" content="text/html;
   charset=utf-8">, so that www@ committers don't ping-pong between the
   new forms as long as they have up-to-date netbsd-www.

   comms/picocom: update to version 3.1

   Changes in version 3.1:

   * Added the --raise-dtr and --raise-rts options, for symmetry with
     --lower-dtr and --lower-rts (see manual page for details)
   * Added custom baudrate support for FreeBSD, OpenBSD, and DragonflyBSD
     (in additions to Linux and MacOS that were already supported)
   * Better build support for custom baudrates. Now custom baudrate support
     is enabled by default for some systems (for Linux, kernels > 2.6.0,
     x86, and x86_64, for Intel Macs with macOS / OSX >= 10.4, and for some
     BDSs).
     You can always explicitly enable custom baudrate support for other
     systems (see Makefile) and you can explicitly disable it, even for the
     systems it is automatically enabled for (again, see Makefile).
     To see if custom baudrate support is enabled in your build, run
     picocom with the --help command-line option

   Changes in version 3.0:

    [48 lines not shown]

   Pullup ticket #7101 - requested by nia
   www/palemoon: Security fix

   Revisions pulled up:
   - www/palemoon/Makefile.common                                  1.6
   - www/palemoon/distinfo                                         1.42

   ---
      Module Name:      pkgsrc
      Committed By:     nia
      Date:             Sun May  3 12:47:06 UTC 2026

      Modified Files:
        pkgsrc/www/palemoon: Makefile.common distinfo

      Log Message:
      palemoon: Update to 34.2.2

           v34.2.2 (2026-05-01)

    [9 lines not shown]

   Pullup ticket #7097 - requested by taca
   net/inetutils: Security fix

   Revisions pulled up:
   - net/inetutils/Makefile                                        1.12-1.13
   - net/inetutils/distinfo                                        1.8-1.9
   - net/inetutils/patches/patch-telnetd_utility.c                 deleted

   ---
      Module Name:      pkgsrc
      Committed By:     vins
      Date:             Sun Apr 19 19:15:38 UTC 2026

      Modified Files:
        pkgsrc/net/inetutils: Makefile distinfo
      Added Files:
        pkgsrc/net/inetutils/patches: patch-telnetd_utility.c

      Log Message:

    [89 lines not shown]

   Pullup ticket #7092 - requested by taca
   net/powerdns: Security fix

   Revisions pulled up:
   - net/powerdns/Makefile                                         1.93
   - net/powerdns/Makefile.common                                  1.45-1.46
   - net/powerdns/distinfo                                         1.56-1.57

   ---
      Module Name:      pkgsrc
      Committed By:     wiz
      Date:             Sun Mar 29 16:55:23 UTC 2026

      Modified Files:
        pkgsrc/net/powerdns: Makefile Makefile.common distinfo

      Log Message:
      net/powerdns: Update to version 5.0.3


    [34 lines not shown]

   kde: remove remaining kde4 packages from meta-package

   firefox140: address CVS keyword substitution glitch

   py-postorius: Apply an upstream security bug fix.

   Bump PKGREVISION.

   Fix dumpfs to allow NAME=wedge-label on command line

   This is a follow-on from the PR bin/59957 changes, and is being
   included with that PR so it is easier to locate all the tools that
   have been changed this way, so they can all be updated again once
   the new code is moved to libutil where it belongs, and out of src/sbin/fsck.

   When handling of NAME=whatever was added to dumpfs, it was done
   in a way where it could only work when dumpfs was used as

        dumpfs mount-point

   and /etc/fsck contained

        NAME=whatever mount-point  [rest of fstab entry]

   That covers the vast majority of actual uses, but a simple

        dumpfs NAME=whatever

    [5 lines not shown]

   firefox140-l10n: update to 140.10.2

   firefox140: update to 140.10.2

   Mozilla Foundation Security Advisory 2026-41
   Security Vulnerabilities fixed in Firefox ESR 140.10.2

   Announced
       May 7, 2026
   Impact
       high
   Products
       Firefox ESR
   Fixed in

           Firefox ESR 140.10.2

   #CVE-2026-8090: Use-after-free in the DOM: Networking component

   Reporter
       Kevin Brosnan

    [31 lines not shown]

   py-orjson: update to 3.11.9.

   Changed

       Build now depends on Rust 1.95 or later instead of 1.89.

   Fixed

       Fix building on Rust 1.95.

   Revbump all Go packages after go126 security update

   Pullup ticket #7090 - requested by taca
   www/ruby-rack-session: Security fix

   Revisions pulled up:
   - www/ruby-rack-session/Makefile                                1.4
   - www/ruby-rack-session/distinfo                                1.4

   ---
      Module Name:      pkgsrc
      Committed By:     taca
      Date:             Sun Apr 12 15:31:10 UTC 2026

      Modified Files:
        pkgsrc/www/ruby-rack-session: Makefile distinfo

      Log Message:
      www/ruby-rack-session: update to 2.1.2

      2.1.2 (2026-04-08)

    [3 lines not shown]

   Pullup ticket #7089 - requested by taca
   net/p5-Net-CIDR-Lite: security fix

   Revisions pulled up:
   - net/p5-Net-CIDR-Lite/Makefile                                 1.34
   - net/p5-Net-CIDR-Lite/distinfo                                 1.10

   ---
      Module Name:      pkgsrc
      Committed By:     wiz
      Date:             Sat Apr 11 05:08:37 UTC 2026

      Modified Files:
        pkgsrc/net/p5-Net-CIDR-Lite: Makefile distinfo

      Log Message:
      p5-Net-CIDR-Lite: update to 0.23.

      0.23  2026-04-10

    [2 lines not shown]

   Pullup ticket #7088 - requested by taca
   chat/icb: Build fix

   Revisions pulled up:
   - chat/icb/distinfo                                             1.24
   - chat/icb/patches/patch-readline_Make                          1.2

   ---
      Module Name:      pkgsrc
      Committed By:     spz
      Date:             Fri Apr  3 16:46:05 UTC 2026

      Modified Files:
        pkgsrc/chat/icb: distinfo
        pkgsrc/chat/icb/patches: patch-readline_Make

      Log Message:
      build fix
      In NetBSD 11 and possibly also SmartOS the ar 'l' modifier went from

    [6 lines not shown]

   Pull up following revision(s) (requested by skrll in ticket #279):

        common/lib/libc/atomic/atomic_cas_16_cas.c: revision 1.4
        common/lib/libc/atomic/atomic_cas_16_cas.c: revision 1.5
        common/lib/libc/atomic/atomic_cas_8_cas.c: revision 1.4
        common/lib/libc/atomic/atomic_cas_32_cas.c: revision 1.3
        common/lib/libc/atomic/atomic_cas_8_cas.c: revision 1.5
        common/lib/libc/atomic/atomic_cas_8_cas.c: revision 1.6
        tests/lib/libc/atomic/t___sync_compare_and_swap.c: revision 1.4
        tests/lib/libc/atomic/t___sync_compare_and_swap.c: revision 1.5
        common/lib/libc/atomic/atomic_init_testset.c: revision 1.22
        common/lib/libc/atomic/atomic_init_testset.c: revision 1.23
        common/lib/libc/atomic/atomic_cas_64_cas.c: revision 1.4
        common/lib/libc/atomic/atomic_cas_by_cas32.c: revision 1.5

   PR/56839 GCC emits wrong codes for compare_and_swap_1 bultins on armv5 (el & eb)

   There is mismatch in signedness of the GCC builtin __sync_* function arguments
   and the _atomic_* functions so we cannot directly alias them. Instead write

    [13 lines not shown]

   Pull up following revision(s) (requested by mrg in ticket #277):

        sys/fs/cd9660/cd9660_rrip.c: revision 1.19

   cd9660: make sure that NM records are at least 5 bytes long.
   avoids an integer underflow when this length has 5 subtracted from it
   for a later path.

   Reported by Adam Crosser, Praetorian

   Pull up the following, requested by christos in ticket #272:

        crypto/external/apache2/openssl/lib/libcrypto/man/OPENSSL_ppccap.3 up to 1.2
        crypto/external/apache2/openssl/lib/libcrypto/man/BIO_set_flags.3 up to 1.2
        crypto/external/apache2/openssl/lib/libcrypto/man/CMS_EncryptedData_set1_key.3 up to 1.2
        crypto/external/apache2/openssl/lib/libcrypto/man/EVP_CIPHER_CTX_get_app_data.3 up to 1.2
        crypto/external/apache2/openssl/lib/libcrypto/man/openssl-DES_random_key.3 up to 1.2
        crypto/external/apache2/openssl/lib/libcrypto/man/openssl-HMAC.3 up to 1.2
        crypto/external/apache2/openssl/lib/libcrypto/man/openssl-MD5.3 up to 1.2
        crypto/external/apache2/openssl/dist/crypto/modes/asm/aes-gcm-ppc-v1.pl up to 1.1
        crypto/external/apache2/openssl/dist/doc/man3/BIO_set_flags.pod up to 1.1.1.1
        crypto/external/apache2/openssl/dist/doc/man3/CMS_EncryptedData_set1_key.pod up to 1.1.1.1
        crypto/external/apache2/openssl/dist/doc/man3/EVP_CIPHER_CTX_get_app_data.pod up to 1.1.1.1
        crypto/external/apache2/openssl/dist/doc/man3/OPENSSL_ppccap.pod up to 1.1.1.1
        crypto/external/apache2/openssl/dist/doc/man3/X509V3_EXT_print.pod up to 1.1.1.1
        crypto/external/apache2/openssl/dist/test/certs/cve-2026-28388-ca.pem up to 1.1.1.1
        crypto/external/apache2/openssl/dist/test/certs/cve-2026-28388-crls.pem up to 1.1.1.1
        crypto/external/apache2/openssl/dist/test/certs/cve-2026-28388-leaf.pem up to 1.1.1.1
        crypto/external/apache2/openssl/dist/test/certs/ext-timeSpecification-periodic-no-second.pem up to 1.1.1.1

    [3249 lines not shown]

   security/gcr4: disable gtk4 option to avoid pulling the whole stack

   Note update of OpenSSH to 10.3 (ticket #271)

   Pull up the following, requested by christos in ticket #271:

        crypto/external/bsd/openssh/dist/ed25519-openssl.c up to 1.1.1.1
        crypto/external/bsd/openssh/dist/ssherr-libcrypto.c up to 1.1.1.1
        crypto/external/bsd/openssh/dist/ssherr-nolibcrypto.c up to 1.1.1.1
        crypto/external/bsd/openssh/dist/hash.c         delete
        crypto/external/bsd/openssh/dist/PROTOCOL       up to 1.26
        crypto/external/bsd/openssh/dist/addr.c         up to 1.9
        crypto/external/bsd/openssh/dist/addr.h         up to 1.1.1.4
        crypto/external/bsd/openssh/dist/addrmatch.c    up to 1.16
        crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.10
        crypto/external/bsd/openssh/dist/auth-krb5.c    up to 1.20
        crypto/external/bsd/openssh/dist/auth.c         up to 1.40
        crypto/external/bsd/openssh/dist/auth.h         up to 1.26
        crypto/external/bsd/openssh/dist/auth2-chall.c  up to 1.22
        crypto/external/bsd/openssh/dist/auth2-gss.c    up to 1.19
        crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.26
        crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.38
        crypto/external/bsd/openssh/dist/auth2-pubkeyfile.c up to 1.5

    [130 lines not shown]

   Note update of xz to 5.8.3 (ticket #270)

   Pull up the following, requested by christos in ticket #270:

        external/public-domain/xz/dist/doc/examples/11_file_info.c up to 1.1.1.1
        external/public-domain/xz/dist/po/pt_BR.gmo     up to 1.1.1.1
        external/public-domain/xz/dist/po/ca.gmo        up to 1.1.1.1
        external/public-domain/xz/dist/po/ca.po         up to 1.1.1.1
        external/public-domain/xz/dist/po/da.gmo        up to 1.1.1.1
        external/public-domain/xz/dist/po/da.po         up to 1.1.1.1
        external/public-domain/xz/dist/po/eo.gmo        up to 1.1.1.1
        external/public-domain/xz/dist/po/eo.po         up to 1.1.1.1
        external/public-domain/xz/dist/po/es.gmo        up to 1.1.1.1
        external/public-domain/xz/dist/po/es.po         up to 1.1.1.1
        external/public-domain/xz/dist/po/fi.gmo        up to 1.1.1.1
        external/public-domain/xz/dist/po/fi.po         up to 1.1.1.1
        external/public-domain/xz/dist/po/hr.gmo        up to 1.1.1.1
        external/public-domain/xz/dist/po/hr.po         up to 1.1.1.1
        external/public-domain/xz/dist/po/hu.gmo        up to 1.1.1.1
        external/public-domain/xz/dist/po/hu.po         up to 1.1.1.1
        external/public-domain/xz/dist/po/ka.gmo        up to 1.1.1.1

    [524 lines not shown]

   Tickets #1253 - #1265

   Tickets #2008, #2009 and #2011

   Pull up following revision(s) (requested by mrg in ticket #1265):

        libexec/httpd/CHANGES: revision 1.57
        libexec/httpd/daemon-bozo.c: revision 1.23
        libexec/httpd/bozohttpd.8: revision 1.101
        libexec/httpd/lua-bozo.c: revision 1.16
        libexec/httpd/auth-bozo.c: revision 1.29
        libexec/httpd/bozohttpd.h: revision 1.74
        libexec/httpd/ssl-bozo.c: revision 1.35
        libexec/httpd/ssl-bozo.c: revision 1.36
        libexec/httpd/ssl-bozo.c: revision 1.37
        libexec/httpd/bozohttpd.c: revision 1.150
        libexec/httpd/bozohttpd.c: revision 1.151
        libexec/httpd/bozohttpd.c: revision 1.152

   Fix iteration over protos[] to prevent out-of-bounds access

   Fix use-after-free in the "<a  rel="nofollow" href="http://"">http://"</a>; case


    [18 lines not shown]

libsquish: removed; imported into base

   Added graphics/libsquish; Updated games/vcmi

   vcmi: updated to 1.7.3

   1.7.3

   Stability

   Fixed crash on Master Genie spellcasting attempts
   Fixed random crash on startup due to preloading of .def assets
   Fixed crash when attempting to start HotA 1.8 map while having older version of HotA mod active
   Fixed crash on switching to or from fullscreen mode while rebinding spell for quick spell panel in combat
   Fixed crash on invalid string in creature recruitment title
   Fixed crash on Heroes Chronicles import failure on iOS
   Fixed crash on starting Deus Ex Machina scenario of Forged of Fire campaign from HotA
   Fixed crash on removing boat of a hero that starts map on water in HotA maps
   Fixed crash on Linux on attempt to use middle mouse in the backpack
   Fixed rare crash on opening custom campaigns map list while player has multiple mods active
   Fixed rare crash on mod conflict detection testing
   Fixed rare crash on closing of video playback
   Fixed rare crash on updating minimap view

    [40 lines not shown]